EC-COUNCIL EC-COUNCIL Certifications ECSAv8 Questions & Answers

• Question 71:

  Choose the correct option to define the Prefix Length.

  

  A. Prefix Length = Subnet + Host portions

  B. Prefix Length = Network + Host portions

  C. Prefix Length = Network + Subnet portions

  D. Prefix Length = Network + Subnet + Host portions

  Correct Answer: D

• Question 72:

  Which of the following attacks is an offline attack?

  A. Pre-Computed Hashes

  B. Hash Injection Attack

  C. Password Guessing

  D. Dumpster Diving

  Correct Answer: A

  Reference: http://nrupentheking.blogspot.com/2011/02/types-of-password-attack-2.html

• Question 73:

  The Internet is a giant database where people store some of their most private information on the cloud, trusting that the service provider can keep it all safe. Trojans, Viruses, DoS attacks, website defacement, lost computers, accidental publishing, and more have all been sources of major leaks over the last 15 years.

  

  What is the biggest source of data leaks in organizations today?

  A. Weak passwords and lack of identity management

  B. Insufficient IT security budget

  C. Rogue employees and insider attacks

  D. Vulnerabilities, risks, and threats facing Web sites

  Correct Answer: D

• Question 74:

  You have compromised a lower-level administrator account on an Active Directory network of a small

  company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of

  the Domain Controllers on port 389 using Idp.exe.

  What are you trying to accomplish here?

  A. Poison the DNS records with false records

  B. Enumerate MX and A records from DNS

  C. Establish a remote connection to the Domain Controller

  D. Enumerate domain user accounts and built-in groups

  Correct Answer: D

• Question 75:

  Which of the following pen testing reports provides detailed information about all the tasks performed during penetration testing?

  

  A. Client-Side Test Report

  B. Activity Report

  C. Host Report

  D. Vulnerability Report

  Correct Answer: B

• Question 76:

  Identify the person who will lead the penetration-testing project and be the client point of contact.

  A. Database Penetration Tester

  B. Policy Penetration Tester

  C. Chief Penetration Tester

  D. Application Penetration Tester

  Correct Answer: C

  Reference: http://www.scribd.com/doc/133635286/LPTv4-Module-15-Pre-Penetration- Testing-Checklist-NoRestriction (page 15)

• Question 77:

  A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?

  A. Shoulder surfing

  B. Phishing

  C. Insider Accomplice

  D. Vishing

  Correct Answer: A

• Question 78:

  During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?

  A. Examine Source of the Available Pages

  B. Perform Web Spidering

  C. Perform Banner Grabbing

  D. Check the HTTP and HTML Processing by the Browser

  Correct Answer: C

• Question 79:

  Identify the correct formula for Return on Investment (ROI).

  A. ROI = ((Expected Returns ?Cost of Investment) / Cost of Investment) * 100

  B. ROI = (Expected Returns + Cost of Investment) / Cost of Investment

  C. ROI = (Expected Returns Cost of Investment) / Cost of Investment

  D. ROI = ((Expected Returns + Cost of Investment) / Cost of Investment) * 100

  Correct Answer: C

  Reference: http://www.investopedia.com/terms/r/returnoninvestment.asp

• Question 80:

  Identify the type of firewall represented in the diagram below:

  

  A. Stateful multilayer inspection firewall

  B. Application level gateway

  C. Packet filter

  D. Circuit level gateway

  Correct Answer: B

  Reference: http://www.technicolorbroadbandpartner.com/getfile.php?id=4159 (page 13)